I am intending to install skype and only run it from a new, dedicated user to limit my system's exposure to it. Not installing skype really is not an option, so if there are any other ideas, I would like to hear them.
Second, I would like to disallow my normal user from running skype, just so I don't do it by accident. I can't seem to find any instructions on how to do this on Google.
I would like to do the same thing with wine.

By the way, the method I intend to use is as follows:

add a group called skype
make a new user with primary group skype and also add to the audio group
add an alias to my .bashrc file: alias skype="xhost +local: && sudo -u skype /opt/bin/skype"
add %wheel ALL=(skype) NOPASSWD: /usr/bin/skype to my soders file

Apparmor is a good choice, but it requires a patch to ensure compatibility with version 2.4, which I have not found (working) on the kernel older than 3.2.9, not to mention the version 3.5.3 - which I'm currently using

Generally, perhaps one day will AppArmor had real support in Gentoo, but for now it is the overlay userspace and kernel requires patches from Ubuntu, I would not call this normal support, which the widths of the system responsible for the safety of a very important

In general, I do not understand, if you need compatibility with userspace apparmor-2.4 version, how did it happen that the kernel apparmor went without this (very important) compatibility.

Both Grsecurity in hardened-sources, as well as all sources SELINUX any special patch does not need to just work.